Working on my diploma thesis, I am looking for next-generation malware. I already examined Storm; now I was trying to go for Nugache. As the botmaster was captured some weeks ago, I was wondering whether this botnet still works. I have some samples from early 2007, but they do not seem to work (and still use TCP/8). Anyone with newer samples to try?
Moreover, I am looking for Asprox samples or any other samples of botnets that use fast-flux technologies.
If anyone could provide some binaries, that would be superb...
Any help is greatly appreciated!
I recently took a break from poking at Storm to do real work on some custom malware recovered in a compromise here.
This analysis is of an MS GINA hook that encrypts its log file with RC4. I'm light on the mechanical details of the reversing and have instead focused on screenshots, an overview of the investigation, and some Perl code to do the decrypting.
You can get the analysis here:
Owning a GINA Hook
You can get the malware here:
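As an added example, not the post author's Perl script or anything from the analysed sample: a Python RC4 routine of the kind needed to decrypt such a log file once the key has been recovered from the binary, with a known-answer test run first so the implementation is trusted before it is pointed at a real capture, and a plausibility check that rejects output which does not look like a text log (a wrong key or a missed keystream offset yields random-looking bytes). The key and the log contents are constructed here; the real hook's key, log format and any keystream drop are whatever the analysis found, not these.

```python
"""RC4 decryption for a captured, keystream-encrypted log file.

Added example with a constructed key and log; RC4 is symmetric, so one
routine both encrypts (to build the sample) and decrypts.
"""
import string


def rc4_ksa(key: bytes) -> list:
    """Key-scheduling algorithm: derive the 256-byte permutation S from the key."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_crypt(key: bytes, data: bytes, drop: int = 0) -> bytes:
    """XOR data with the RC4 keystream (PRGA).

    `drop` discards that many leading keystream bytes, for samples that use
    RC4-drop[n]; the default 0 is plain RC4.
    """
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for n in range(drop + len(data)):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        k = s[(s[i] + s[j]) & 0xFF]
        if n >= drop:
            out.append(data[n - drop] ^ k)
    return bytes(out)


def self_test() -> bool:
    """Known-answer test (key 'Key', plaintext 'Plaintext'); run this before
    trusting the routine on a real sample."""
    return rc4_crypt(b"Key", b"Plaintext") == bytes.fromhex("BBF316E8D940AF0AD3")


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII or whitespace.

    Random bytes score about 0.4; a genuine text log scores close to 1.0,
    so a low score means the key or keystream offset is wrong.
    """
    ok = set(string.printable.encode())
    return sum(b in ok for b in data) / len(data) if data else 0.0


def decrypt_log(key: bytes, blob: bytes, drop: int = 0, min_ratio: float = 0.9) -> str:
    """Decrypt a captured log and refuse to return output that is not text."""
    plain = rc4_crypt(key, blob, drop)
    if printable_ratio(plain) < min_ratio:
        raise ValueError("decrypted output is not text: wrong key or keystream offset?")
    return plain.decode("ascii", errors="replace")


# Constructed sample: a log of the kind a credential-stealing GINA hook might
# write, encrypted here under a constructed key so the example is self-contained.
SAMPLE_KEY = b"constructed-key"
SAMPLE_LOG = (b"[2008-03-12 09:14:22] WINLOGON user=alice domain=CORP pass=********\r\n"
              b"[2008-03-12 17:40:01] WINLOGON user=bob domain=CORP pass=********\r\n")
SAMPLE_BLOB = rc4_crypt(SAMPLE_KEY, SAMPLE_LOG)

if __name__ == "__main__":
    assert self_test(), "RC4 known-answer test failed"
    print(decrypt_log(SAMPLE_KEY, SAMPLE_BLOB))
```

On a real capture the blob would be read from the recovered log file and the key taken from the reversing; the `drop` parameter is there because some samples discard the first n keystream bytes, and the plausibility check is what tells you that you guessed the offset wrong rather than silently handing back garbage.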
Over the last few days we have been getting a number of new emails with links to a specific fake video codec (which is actually a Trojan), "get_flash_update.exe". The attack appears to have infected a number of real and legitimate websites to act as malware distribution points.
For those who are not members of the ISSA, I am posting a link to some specific research articles we published in this journal. One in particular highlights some data concerning Crimeware-as-a-Service, better known as server-side polymorphism.
Here you can find a reverse engineering analysis of Trojan-Downloader.Win32.Small, a widespread Trojan that is usually spread through websites.
Have a nice read.
Giuseppe 'Evilcry' Bonfa'
I am posting my latest research on data security breaches and the effect that malcode has on corporations today from a data leakage perspective.
Recently I have been doing some research into the vulnerabilities that exist in point-of-sale (POS) systems and how they are affected by malware.
The research can be found here in my full blog posting:
I am posting results from a research study conducted over a six-month period with the aim of better understanding targeted attacks.
This report contains data points corresponding to the prevalence of certain crimeware families within a particular large police agency network we audited.
Chief Corporate Evangelist
Panda Security US
The report can be found here.
One of my co-workers just learned that there is a malicious HTML page with his name on it! When I downloaded the page, we realized that it was not a targeted attack but a variant of the malicious pages I reported in my MSN malicious results post.
This server actually had 3179 other HTML pages, each one with a name starting with Ryan-. The bad guys probably used a robot to collect names from web pages. More information here...
Colin and I have been looking at some interesting blog comment spam for a while. This (rough) paper contains some of our results:
in analyzing the attack.
We had a previous post about some of this before as well.